Slideshow


Ross Klein (Starwood Hotels and Resorts Worldwide)

Klein and Amar Lalvani were two top executives at the Starwood hotel chain when they were recruited by Starwood’s chief competitor, Hilton, to help it start a new line of “lifestyle” hotels to compete with Starwood’s popular “W” hotels. According to a lawsuit filed by Starwood, the two executives are alleged to have absconded with over 100,000 confidential Starwood documents on their way out the door.

Xiaodong Sheldon Meng (Quantum3D)

Meng was a 44-year-old software engineer living in Cupertino, California when, in 2008, he became the first person sentenced for a violation of the U.S.’s Economic Espionage Act of 1996. Meng had worked as an engineer for Quantum3D, a defense contractor that makes visual simulation software used for military training and other purposes. According to the U.S. Department of Justice, Meng engaged in widespread spying on behalf of the People’s Republic of China between 2002 and 2006: obtaining the source code for software known as Mantis, used by the U.S.

Yonggang “Gary” Min (DuPont)

Min worked at Delaware-based chemicals giant DuPont for over a decade before he surreptitiously took a job at DuPont competitor Victrex. Over a four-month period after accepting that offer, and before informing DuPont of his decision, Min systematically copied thousands of pages of confidential DuPont design documents to a laptop. DuPont became aware of Min’s theft only after the employee gave notice.


Bradley Manning’s is the face that launched a (hundred) thousand leaks. The 22-year-old intelligence analyst for the U.S. Army’s 2nd Brigade Combat Team, 10th Mountain Division was stationed in Iraq when, allegedly, he downloaded hundreds of thousands of classified documents and video from SIPRnet, the military’s classified intelligence network.

On Insider Threats

Even before PFC Bradley Manning made off with hundreds of thousands of pages of classified military and diplomatic documents, malicious insiders were a persistent and growing problem in the halls of government, the Pentagon and inside companies large and small. According to Verizon’s 2010 Data Breach Report, 48% of data breaches were caused by insiders – a 26% increase from the previous year. Likewise, the U.S. Military’s Defense Security Service (DSS) reports that insiders have caused more damage to the U.S.

Threats Go Mobile

Smartphone adoption has exploded in recent years, and this has not been lost on the attackers who are looking for the best way to separate users from their money and confidential data.

The Year of the Sandbox

As predicted by researcher Dino Dai Zovi in these pages in January, 2010 turned out to be the year of the sandbox. Attackers for years have been focusing their attention on browsers and other Web apps and using them as jumping off points for further attacks on compromised PCs. Vendors finally began to take notice and implement sandboxes in their products.

ASP.NET Hack

There were a lot of excellent talks at conferences this year, but perhaps the most interesting and far-reaching presentation was one given by researchers Thai Duong and Juliano Rizzo at Ekoparty on a crypto attack against ASP.NET applications.

Stuxnet

Before WikiLeaks emerged to dominate the news cycle in November, Stuxnet was the leader in the clubhouse for most overhyped, misconstrued and misunderstood story of the year. The worm burst onto the scene in July when researchers discovered it using four previously unknown Windows bugs and compromising computers running esoteric Siemens industrial control software.

WikiLeaks

Many people in the security and privacy communities have been aware of the activities of WikiLeaks for several years now, but in 2010 the group hit the mainstream like a hurricane. First came document dumps that revealed embarrassing details about the way the U.S. has conducted the war in Iraq.